December 24, 2011
July 11, 2011
Explain Agile Testing.
May 30, 2011
September 24, 2010
Explain the different types of Severity.
Boundary Related Defects – Medium
Error Handling Defects – Medium
Calculation Defects – High
Interpreting Data Defects – High
Hardware Failures & Problems - High
Compatibility and Intersystem defects- High
Control flow defects – High
Load Conditions (Memory Leakages under load testing) – High
July 13, 2010
What is Bucket Testing?
June 30, 2010
What is Entry and Exit Criteria in Software Testing?
SRS – Software
The Exit Criteria ensures whether testing is completed and the application is ready for release, like,
Test Summary Report
Defect Analysis Report.
June 11, 2010
What is Concurrency Testing?
Load runner is widely used for this type of testing, Vugen (Virtual User Generator) is used to add the number of concurrent users and how the users need to be added like Gradual Rampup or Spike Stepped.
April 16, 2010
What is the difference between Functional Requirement and Non – Functional Requirement?
Some Functional Requirements are,
Legal and Regulatory Requirements
Some Non Functional Requirements are,
January 27, 2010
Explain Statement Coverage / Code Coverage / Line Coverage.
Some advantages of Statement Coverage / Code Coverage / Line Coverage are,
· It verifies what the written code is expected to do and not to do.
· It measures the quality of code written.
· It checks the flow of different paths in the program also ensure whether those paths are tested or not.
To Calculate Statement Coverage,
Statement Coverage = Statements Tested / Total No. of Statements.
December 29, 2009
Explain Branch Coverage / Decision Coverage.
To Calculate Branch Coverage,
November 25, 2009
What is the difference between High level and Low level test cases?
Low level test cases are those related to User Interface (UI) in the application.
October 26, 2009
Explain Localization Testing with examples.
In terms of Localization Testing it verifies how correctly the application is changed or modified into that target culture and language.
In case of translation required of the application on that local language, testing should be done on each field to check the correct translation. Other formats like date conversion, hardware and software usage like operating system should also be considered in localization testing.
Examples for Localization Testing are,
· In Islamic Banking all the transactions and product features are based on Shariah Law, some important points to be noted in Islamic Banking are,
1.In Islamic Banking, the bank shares the profit and loss with the customer.
2.In Islamic Banking, the bank cannot charge interest on the customer; instead they charge a nominal fee which is termed as “Profit”.
3.In Islamic Banking, the bank will not deal or invest in business like Gambling, Alcohol, Pork, etc.
In this case, we need to test whether these Islamic banking conditions were modified and applied in the application or product.
· In Islamic Lending, they follow both the Gregorian Calendar and Hijiri Calendar for calculating the loan repayment schedule. The Hijiri Calendar is commonly called as Islamic Calendar followed in all the Muslim countries according to the lunar cycle. The Hijiri Calendar has 12 months and 354 days which is 11 days shorter than Gregorian Calendar. In this case, we need to test the repayment schedule by comparing both the Gregorian Calendar and Hijiri Calendar.
September 25, 2009
Explain Risk Analysis in Software Testing.
In Software Testing some unavoidable risk might takes place like,
· Change in requirements or Incomplete requirements.
· Time allocation for testing.
· Developers delaying to deliver the build for testing.
· Urgency from client for delivery.
· Defect Leakage due to application size or complexity.
To overcome these risks, the following activities can be done,
· Conducting Risk Assessment review meeting with the development team.
· Profile for Risk coverage is created by mentioning the importance of each area.
· Using maximum resources to work on High Risk areas like allocating more testers for High risk areas and minimum resources for Medium and Low risk areas.Creation of Risk assessment database for future maintenance and management review.
September 11, 2009
What is the difference between Two Tier Architecture and Three Tier Architecture?
The Client/Server Testing involves testing the Two Tier Architecture of user interface in the front end and database as backend with dependencies on Client, Hardware and Servers.
In Three Tier Architecture or Multi Tier Architecture three layers like Client, Server and Database are involved. In this the Client sends a request to Server, where the Server sends the request to Database for data, based on that request the Database sends back the data to Server and from Server the data is forwarded to Client.
July 2, 2009
What is the difference between Static Testing and Dynamic Testing?
· Static Testing is more cost effective than Dynamic Testing because Static Testing is done in the initial stage.
· In terms of Statement Coverage, the Static Testing covers more areas than Dynamic Testing in shorter time.
· Static Testing is done before the code deployment where the Dynamic Testing is done after the code deployment.
· Static Testing is done in the Verification stage where the Dynamic Testing is done in the Validation stage.
June 1, 2009
Explain Use case diagrams. What are the attributes of use cases?
In Use Case Diagrams the whole system is defined as ACTORS, USE CASES and ASSOCIATIONS, the ACTORS are the external part of the system like users, computer software & hardware, USECASES is the behavior or functionality of the system when these ACTORS perform an action, the ASSOCIATIONS are the line drawn to show the connection between ACTORS and USECASES. One ACTOR can link to many USECASES and one USECASE can link to many ACTORS.
April 16, 2009
What is Web Application Testing? Explain the different phases in Web Application Testing.
In Web tier testing, the browser compatibility of the application will be tested for IE, FireFox and other web browsers.
In Middle tier testing, the functionality and security issues were tested.
In Database tier testing, the database integrity and the contents of the database were tested and verified.
March 3, 2009
What is the difference between Priority and Severity?
The terms Priority and Severity are used in Bug Tracking to share the importance of a bug among the team and to fix it.
1. The Severity status is used to explain how badly the deviation is affecting the build.
2. The severity type is defined by the tester based on the written test cases and functionality.
Ex : If an application or a web page crashes when a remote link is clicked, in this case clicking the remote link by an user is rare but the impact of application crashing is severe, so the severity is high and priority is low.
1. The Priority status is set by the tester to the developer mentioning the time frame to fix a defect. If High priority is mentioned then the developer has to fix it at the earliest.
2. The priority status is set based on the customer requirements.
Ex : If the company name is misspelled in the home page of a website, then the priority is high and the severity is low to fix it.
February 22, 2009
Explain Unit Testing, Interface Testing and Integration Testing. Also explain the types of Integration Testing in brief.
Unit Testing is done to check whether the individual modules of the source code is working properly. i.e Testing each and every unit of the application separately by the developer in developers environment.
Interface Testing is done to check whether the individual modules are communicating properly one among other as per the specifications.
Interface Testing is mostly used in testing the user interface of GUI applications.
Integration Testing is done to check the connectivity by combining all the individual modules together and test the functionality.
The types of Integration Testing are,
1) Big Bang Integration Testing
In Big Bang Integration Testing, the individual modules are not integrated until all the modules are ready. Then they will run to check whether it is performing well.
In this type of testing, some disadvantages might occur like,
Defects can be found at the later stage.
It would be difficult to find out whether the defect arouse in Interface or in module.
2) Top Down Integration Testing
In Top Down Integration Testing, the high level modules are integrated and tested first. i.e Testing from main module to sub module. In this type of testing, Stubs are used as temporary module if a module is not ready for integration testing.
3) Bottom Up Integration Testing
In Bottom Up Integration Testing, the low level modules are integrated and tested first i.e Testing from sub module to main module. Same like Stubs, here drivers are used as a temporary module for integration testing.
February 7, 2009
Explain Alpha, Beta, Gamma Testing.
Alpha Testing is mostly like performing usability testing which is done by the in-house developers who developed the software or testers. Sometimes this Alpha Testing is done by the client or an outsider with the presence of developer and tester. The version release after alpha testing is called Alpha Release.
Beta Testing is done by limited number of end users before delivery, the change request would be fixed if the user gives feedback or reports defect. The version release after beta testing is called beta Release.
Gamma Testing is done when the software is ready for release with specified requirements, this testing is done directly by skipping all the in-house testing activities.
January 18, 2009
Explain the methods and techniques used for Security Testing.
· Black Box Level
· White Box Level
· Database Level
Black Box Level
Session Hijacking commonly called as “IP Spoofing” where a user session will be attacked on a protected network.
Session Prediction is a method of obtaining data or a session ID of an authorized user and gets access to the application. In a web application the session ID can be retrieved from cookies or URL.
The Session Prediction happening can be predicted when a website is not responding normally or stops responding for an unknown reason.
Email Spoofing is duplicating the email header (“From” address) to look like originated from actual source and if the email is replied it will land in the spammers inbox. By inserting commands in the header the message information can be altered. It is possible to send a spoofed email with information you didn’t write.
Content spoofing is a technique to develop a fake website and make the user believe that the information and website is genuine. When the user enters his Credit Card Number, Password, SSN and other important details the hacker can get the data and use if for fraud purposes.
Phishing is similar to Email Spoofing where the hacker sends a genuine look like mail attempting to get the personal and financial information of the user. The emails will appear to have come from well known websites.
Password Cracking is used to identify an unknown password or to identify a forgotten password
Password cracking can be done through two ways,
1. Brute Force – The hacker tries with a combination of characters within a length and tries until it is getting accepted.
2. Password Dictionary – The hacker uses the Password dictionary where it is available on various topics.
White Box Level
SQL Injection is most popular in Code Injection Attack, the hacker attach the malicious code into the good code by inserting the field in the application. The motive behind the injection is to steal the secured information which was intended to be used by a set of users.
Apart from SQL Injection, the other types of Malicious code injection are XPath Injection, LDAP Injection, and Command Execution Injection. Similar to SQL Injection the XPath Injection deals with XML document.
Penetration Testing is used to check the security of a computer or a network. The test process explores all the security aspects of the system and tries to penetrate the system.
Input validation is used to defend the applications from hackers. If the input is not validated mostly in web applications it could lead to system crashes, database manipulation and corruption.
Variable manipulation is used as a method for specifying or editing the variables in a program. It is mostly used to alter the data sent to web server.
SQL Injection is used to hack the websites by changing the backend SQL statements, using this technique the hacker can steal the data from database and also delete and modify it.
December 22, 2008
Explain IEEE 829 standard and other software testing standards.
IEEE 829 Standard is used for Software Test Documentation, where it specifies format for the set of documents to be used in the different stages software testing.
The documents are,
Test Plan – Test Plan is a planning document which has information about the scope, resources, duration, test coverage and other details.
Test Design – Test Design document has information of test pass criteria with test conditions and expected results.
Test Case – Test case document has information about the test data to be used.
Test Procedure – Test Procedure has information about the test steps to be followed and how to execute it.
Test Log – Test log has details about the run test cases, test plans & fail status, order, and the resource information who tested it.
Test Incident Report – Test Incident Report has information about the failed test comparing the actual result with expected result.
Test Summary Report – Test Summary Report has information about the testing done and quality of the software, it also analyses whether the software has met the requirements given by customer.
The other standards related to software testing are,
IEEE 1008 is for Unit Testing
IEEE 1012 is for Software verification and validation
IEEE 1028 is for Software Inspections
IEEE 1061 is for Software metrics and methodology
IEEE 1233 is for guiding the SRS development
IEEE 12207 is for SLC process
December 17, 2008
What is Test Harness?
The benefits of Test Harness are,
Productivity increase due to process automation.
Quality in the application.
November 23, 2008
What is SEI? CMM? CMMI? ISO? IEEE? ANSI?
CMM refers to 'Capability Maturity Model', presently called as CMMI 'Capability Maturity Model Integration’; it was developed by SEI and used to understand the processes followed in as organization. CMMI ratings were given to organizations after review by auditors.
CMMI has five levels of process maturity for quality software delivery, they are,
Level 1 – In this level only few processes were used and to rely on individual efforts for successful completion of projects.
Level 2 – In this level there will be realistic planning like project tracking, requirements analysis, configuration management.
Level 3 – In this level a proper software development and maintenance are incorporated throughout the organization. Training programs are exercised for better understanding of the process.
Level 4 – In this level various metrics are used to follow the process and products. The delivery quality is high.
Level 5 – In this level new process and technology were used and implemented efficiently. The objective will be for consistence process development.
ISO refers to 'International Organization for Standardization', the ISO 9001:2000 standard is used for quality systems audited by outside auditors. This standard is applicable for manufacturing companies not only for software. This standard is given based on the documentation, design, production, testing, servicing and other processes.
IEEE refers to 'Institute of Electrical and Electronics Engineers', which has members from many technical professional organizations around the world. IEEE 829 is the standard followed for software test documentation.
ANSI refers to 'American National Standards Institute', which manages the development of standards for products, services, personnel, processes, and systems in U.S. This organization also works with other international standards to make use of American products worldwide.
October 14, 2008
What is Scalability Testing?
September 27, 2008
Explain Test Plan, Test Strategy, Test Scenario, Test Case, Test Script, Test Environment, Test Procedure and Test Log.
Test Plan is a document with information on Scope of the project, Approach, Schedule of testing activities, Resources or Manpower required, Risk Issues, Features to be tested and not to be tested, Test Tools and Environment Requirements.
Test Strategy is a document prepared by the Quality Assurance Department with the details of testing approach to reach the Quality standards.
Test Scenario is prepared based on the test cases and test scripts with the sequence of execution.
Test case is a document normally prepared by the tester with the sequence of steps to test the behavior of feature/functionality/non-functionality of the application.
Test Case document consists of Test case ID, Test Case Name, Conditions (Pre and Post Conditions) or Actions, Environment, Expected Results, Actual Results, Pass/Fail.
The Test cases can be broadly classified as User Interface Test cases, Positive Test cases and Negative Test cases.
Test Script is a program written to test the functionality of the application. It is a set of system readable instructions to automate the testing with the advantage of doing repeatable and regression testing easily.
It is the Hardware and Software Environment where is the testing is going to be done. It also explains whether the software under test interacts with Stubs and Drivers.
Test Procedure is a document with the detailed instruction for step by step execution of one or more test cases. Test procedure is used in Test Scenario and Test Scripts.
Test Log contains the details of test case execution and the output information.
September 22, 2008
What are the major activities in Database Testing?
Checking the Data Validity
Checking the Data Integrity
Checking the Performance related to Database
Checking the Security Aspects
The aspects to be considered in Database Schema testing are,
Checking the Databases and Devices
Checking the Tables, Fields, Constraints, Defaults
Checking the Keys and Indexes
Checking the Stored procedures & Packages
Checking the Error messages
Checking the Triggers - Update, Insert, Delete
Checking the Schema comparisons
June 22, 2008
What is Fuzz Testing ?
• Set up a correct file to enter your program.
• Restore some part of the file by using random data.
• Unlock the file with the program.
• Observe what breaks.
September 28, 2007
Explain Peer Review in Software Testing
Inspection – It is a more systematic and rigorous type of peer review. Inspections are more effective at finding defects than are informal reviews.
Ex : In Motorola’s Iridium project nearly 80% of the defects were detected through inspections where only 60% of the defects were detected through formal reviews.
Team Reviews – It is a planned and structured approach but less formal and less rigorous comparing to Inspections.
Walkthrough – It is an informal review because the work product’s author describes it to some colleagues and asks for suggestions. Walkthroughs are informal because they typically do not follow a defined procedure, do not specify exit criteria, require no management reporting, and generate no metrics.
Pair Programming – In Pair Programming, two developers work together on the same program at a single workstation and continuously reviewing their work.
Peer Deskcheck – In Peer Deskcheck only one person besides the author examines the work product. It is an informal review, where the reviewer can use defect checklists and some analysis methods to increase the effectiveness.
Passaround – It is a multiple, concurrent peer deskcheck where several people are invited to provide comments on the product.
August 30, 2007
Explain Compatibility Testing with an example.
Ex : If Compatibility testing is done on a Game application, before installing a game on a computer, its compatibility is checked with the computer specification that whether it is compatible with the computer having that much of specification or not.
What is Traceability Matrix ?
August 29, 2007
Explain Load, Performance, Stress Testing with an example
Say for example if there is an application which can handle 25 simultaneous user logins at a time. In load testing we will test the application for 25 users and check how application is working in this stage, in performance testing we will concentrate on the time taken to perform the operation. Where as in stress testing we will test with more users than 25 and the test will continue to any number and we will check where the application is cracking the Hardware resources.
January 23, 2007
Explain Boundary value testing and Equivalence testing with some examples.
January 17, 2007
What is Security testing?
What is Installation testing?
December 27, 2006
What is AUT ?
What is Defect Leakage ?
November 18, 2006
What are the contents in an effective Bug report?
· Detected By (Name of the Tester)
· Assigned To (Name of the Developer who is supposed to the Bug)
· Test Lead ( Name )
· Detected in Version
· Closed in Version
· Date Detected
· Expected Date of Closure
· Actual Date of Closure
· Priority (Medium, Low, High, Urgent)
· Severity (Ranges from 1 to 5)
· Status· Bug ID
· Test Case Failed (Test case that is failed for the Bug)
What is Bug Life Cycle?
· New or Opened
What is Error guessing and Error seeding ?
Error Seeding is the process of adding known faults intentionally in a program for the reason of monitoring the rate of detection & removal and also to estimate the number of faults remaining in the program.
November 9, 2006
What is the difference between Bug, Error and Defect?
Explain Test bed and Test data.
Test Data is that run through a computer program to test the software. Test data can be used to test the compliance with effective controls in the software.
October 12, 2006
What is Negative testing?
September 18, 2006
What is SDLC and STLC? Explain its different phases.
· Requirement phase
· Designing phase (HLD, DLD (Program spec))
· System Study
· Test planning
· Writing Test case or scripts
· Review the test case
· Executing test case
· Bug tracking
· Report the defect
September 13, 2006
What is Ad-hoc testing?
For Ad hoc testing one should have strong knowledge about the Application.
September 11, 2006
Describe bottom-up and top-down approaches in Regression Testing.
Top-down approach : In this approach testing is conducted from main module to sub module. if the sub module is not developed a temporary program called STUB is used for simulate the submodule.
What is the difference between structural and functional testing?
September 9, 2006
What is the difference between Re-test and Regression Testing?
Regression Testing - Testing the application after a change in a module or part of the application for testing that is the code change will affect rest of the application.
What is UAT testing? When it is to be done?
Labels: UAT Testing
September 8, 2006
What are the basic solutions for the software development problems?
· Schedules should be realistic - enough time to plan, design, test, bug fix, re-test, change, and document in the given schedule.
· Adequate testing – testing should be started early, it should be re-tested after the bug fixed or changed, enough time should be spend for testing and bug-fixing.
· Proper study on initial requirements – be ready to look after more changes after the development has begun and be ready to explain the changes done to others. Work closely with the customers and end-users to manage expectations. This avoids excessive changes in the later stages.
· Communication – conduct frequent inspections and walkthroughs in appropriate time period; ensure that the information and the documentation is available on up-to-date if possible electronic. More emphasize on promoting teamwork and cooperation inside the team; use prototypes and proper communication with the end-users to clarify their doubts and expectations.